D15018.diff
View Options

	Index: head/sys/netpfil/pf/pf.c
	===================================================================
	--- head/sys/netpfil/pf/pf.c
	+++ head/sys/netpfil/pf/pf.c
	@@ -369,11 +369,14 @@
	u_long pf_srchashmask;
	static u_long pf_hashsize;
	static u_long pf_srchashsize;
	+u_long pf_ioctl_maxcount = 65535;

	SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
	&pf_hashsize, 0, "Size of pf(4) states hashtable");
	SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
	&pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
	+SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RDTUN,
	+ &pf_ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call");

	VNET_DEFINE(void *, pf_swi_cookie);

	Index: head/sys/netpfil/pf/pf_ioctl.c
	===================================================================
	--- head/sys/netpfil/pf/pf_ioctl.c
	+++ head/sys/netpfil/pf/pf_ioctl.c
	@@ -89,8 +89,6 @@
	#include <net/altq/altq.h>
	#endif

	-#define PF_TABLES_MAX_REQUEST 65535 /* Maximum tables per request. */
	-
	static struct pf_pool pf_get_pool(char , u_int32_t, u_int8_t, u_int32_t,
	u_int8_t, u_int8_t, u_int8_t);

	@@ -218,6 +216,8 @@
	/* pflog */
	pflog_packet_t *pflog_packet_ptr = NULL;

	+extern u_long pf_ioctl_maxcount;
	+
	static void
	pfattach_vnet(void)
	{
	@@ -2533,7 +2533,8 @@
	break;
	}

	- if (io->pfrio_size < 0 \|\| io->pfrio_size > PF_TABLES_MAX_REQUEST) {
	+ if (io->pfrio_size < 0 \|\| io->pfrio_size > pf_ioctl_maxcount \|\|
	+ WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) {
	error = ENOMEM;
	break;
	}
	@@ -2564,7 +2565,8 @@
	break;
	}

	- if (io->pfrio_size < 0 \|\| io->pfrio_size > PF_TABLES_MAX_REQUEST) {
	+ if (io->pfrio_size < 0 \|\| io->pfrio_size > pf_ioctl_maxcount \|\|
	+ WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) {
	error = ENOMEM;
	break;
	}
	@@ -2741,6 +2743,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -2778,6 +2781,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -2819,7 +2823,8 @@
	break;
	}
	count = max(io->pfrio_size, io->pfrio_size2);
	- if (WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) {
	+ if (count > pf_ioctl_maxcount \|\|
	+ WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	}
	@@ -2857,6 +2862,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -2888,6 +2894,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_astats))) {
	error = EINVAL;
	break;
	@@ -2919,6 +2926,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -2956,6 +2964,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -2993,6 +3002,7 @@
	break;
	}
	if (io->pfrio_size < 0 \|\|
	+ io->pfrio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) {
	error = EINVAL;
	break;
	@@ -3045,6 +3055,7 @@
	break;
	}
	if (io->size < 0 \|\|
	+ io->size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) {
	error = EINVAL;
	break;
	@@ -3121,6 +3132,7 @@
	break;
	}
	if (io->size < 0 \|\|
	+ io->size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) {
	error = EINVAL;
	break;
	@@ -3198,6 +3210,7 @@
	}

	if (io->size < 0 \|\|
	+ io->size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) {
	error = EINVAL;
	break;
	@@ -3410,6 +3423,7 @@
	}

	if (io->pfiio_size < 0 \|\|
	+ io->pfiio_size > pf_ioctl_maxcount \|\|
	WOULD_OVERFLOW(io->pfiio_size, sizeof(struct pfi_kif))) {
	error = EINVAL;
	break;

File Metadata

Mime Type: text/plain
Expires: Sat, Feb 22, 8:01 PM (1 h, 15 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16778913
Default Alt Text: D15018.diff (4 KB)

D15018.diff
No OneTemporary
Actions

D15018.diff
View Options

File Metadata

Event Timeline

D15018.diffNo OneTemporaryActions

D15018.diffView Options

File Metadata

Event Timeline

D15018.diff
No OneTemporary
Actions

D15018.diff
View Options